EP3087475A4 - Décompactage générique de binaires de programme - Google Patents
Décompactage générique de binaires de programme Download PDFInfo
- Publication number
- EP3087475A4 EP3087475A4 EP14875614.1A EP14875614A EP3087475A4 EP 3087475 A4 EP3087475 A4 EP 3087475A4 EP 14875614 A EP14875614 A EP 14875614A EP 3087475 A4 EP3087475 A4 EP 3087475A4
- Authority
- EP
- European Patent Office
- Prior art keywords
- program binaries
- unpacking
- generic
- generic unpacking
- binaries
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IN6102CH2013 | 2013-12-26 | ||
| PCT/US2014/072158 WO2015100327A1 (fr) | 2013-12-26 | 2014-12-23 | Décompactage générique de binaires de programme |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP3087475A1 EP3087475A1 (fr) | 2016-11-02 |
| EP3087475A4 true EP3087475A4 (fr) | 2017-07-19 |
Family
ID=53479653
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP14875614.1A Withdrawn EP3087475A4 (fr) | 2013-12-26 | 2014-12-23 | Décompactage générique de binaires de programme |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US10311233B2 (fr) |
| EP (1) | EP3087475A4 (fr) |
| CN (1) | CN105765531A (fr) |
| WO (1) | WO2015100327A1 (fr) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2543813B (en) | 2015-10-30 | 2019-05-29 | F Secure Corp | Improved malware detection |
| JP6866645B2 (ja) | 2017-01-05 | 2021-04-28 | 富士通株式会社 | 類似度判定プログラム、類似度判定方法および情報処理装置 |
| JP2018109910A (ja) * | 2017-01-05 | 2018-07-12 | 富士通株式会社 | 類似度判定プログラム、類似度判定方法および情報処理装置 |
| EP3352110B1 (fr) * | 2017-01-23 | 2020-04-01 | Cyphort Inc. | Système et procédé de détection et de classification de logiciel malveillant |
| US10523694B2 (en) * | 2017-05-11 | 2019-12-31 | Bitdam Ltd | System and method for interception of malicious files |
| US10691791B2 (en) * | 2017-06-29 | 2020-06-23 | Paypal, Inc. | Automatic unpacking of executables |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100011441A1 (en) * | 2007-05-01 | 2010-01-14 | Mihai Christodorescu | System for malware normalization and detection |
Family Cites Families (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2245726B (en) | 1990-06-29 | 1994-08-24 | Sun Microsystems Inc | Accessing an option board in a computer system |
| IL132916A (en) * | 1999-11-14 | 2004-02-08 | Mcafee Inc | Method and system for intercepting an application program interface |
| US20030115479A1 (en) | 2001-12-14 | 2003-06-19 | Jonathan Edwards | Method and system for detecting computer malwares by scan of process memory after process initialization |
| GB2400934B (en) | 2003-04-25 | 2005-12-14 | Messagelabs Ltd | A method of,and system for detecting mass mailing viruses |
| US8151117B2 (en) | 2003-11-05 | 2012-04-03 | Vocalcomm Group, Llc | Detection of items stored in a computer system |
| US7620990B2 (en) | 2004-01-30 | 2009-11-17 | Microsoft Corporation | System and method for unpacking packed executables for malware evaluation |
| US20070006300A1 (en) * | 2005-07-01 | 2007-01-04 | Shay Zamir | Method and system for detecting a malicious packed executable |
| US7797746B2 (en) | 2006-12-12 | 2010-09-14 | Fortinet, Inc. | Detection of undesired computer files in archives |
| TWI335531B (en) * | 2006-12-13 | 2011-01-01 | Inst Information Industry | Apparatus, method, application program, and computer readable medium thereof for generating and utilizing a feature code to monitor a program |
| US9246938B2 (en) | 2007-04-23 | 2016-01-26 | Mcafee, Inc. | System and method for detecting malicious mobile program code |
| US7996904B1 (en) | 2007-12-19 | 2011-08-09 | Symantec Corporation | Automated unpacking of executables packed by multiple layers of arbitrary packers |
| KR101110308B1 (ko) * | 2008-12-22 | 2012-02-15 | 한국전자통신연구원 | 실행압축 특성을 이용한 악성코드 탐지장치 및 그 방법 |
| US20110258163A1 (en) | 2010-04-20 | 2011-10-20 | Smith Micro Software, Inc. | Dynamically created two-stage self extracting archives |
| JP5456715B2 (ja) | 2011-03-16 | 2014-04-02 | 日本電信電話株式会社 | データ特定装置、データ特定方法及びデータ特定プログラム |
| JP4927231B1 (ja) | 2011-12-22 | 2012-05-09 | 株式会社フォティーンフォティ技術研究所 | プログラム、情報機器、及び不正アクセス検出方法 |
| CN102402449A (zh) | 2011-12-30 | 2012-04-04 | 成都三零瑞通移动通信有限公司 | 一种在计算机上直接解析Android安装文件APK文件信息的方法 |
| US9092281B2 (en) * | 2012-10-02 | 2015-07-28 | Qualcomm Incorporated | Fast remote procedure call |
| US9471783B2 (en) | 2013-03-15 | 2016-10-18 | Mcafee, Inc. | Generic unpacking of applications for malware detection |
-
2014
- 2014-12-23 WO PCT/US2014/072158 patent/WO2015100327A1/fr active Application Filing
- 2014-12-23 EP EP14875614.1A patent/EP3087475A4/fr not_active Withdrawn
- 2014-12-23 CN CN201480064590.2A patent/CN105765531A/zh active Pending
- 2014-12-23 US US15/038,413 patent/US10311233B2/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100011441A1 (en) * | 2007-05-01 | 2010-01-14 | Mihai Christodorescu | System for malware normalization and detection |
Non-Patent Citations (4)
| Title |
|---|
| FANGLU GUO ET AL: "A Study of the Packer Problem and Its Solutions", 15 September 2008, RECENT ADVANCES IN INTRUSION DETECTION; [LECTURE NOTES IN COMPUTER SCIENCE], SPRINGER BERLIN HEIDELBERG, BERLIN, HEIDELBERG, PAGE(S) 98 - 115, ISBN: 978-3-540-87402-7, XP019105471 * |
| GASPAR FURTADO: "Unpacking Framework for Packed Malicious Executables", FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO, 29 July 2013 (2013-07-29), XP055379596, Retrieved from the Internet <URL:https://sigarra.up.pt/feup/pt/pub_geral.show_file?pi_gdoc_id=353024> [retrieved on 20170608] * |
| KEVIN A. ROUNDY ET AL: "Binary-code obfuscations in prevalent packer tools", ACM COMPUTING SURVEYS, vol. 46, no. 1, 1 October 2013 (2013-10-01), pages 1 - 32, XP055115653, ISSN: 0360-0300, DOI: 10.1145/2522968.2522972 * |
| See also references of WO2015100327A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105765531A (zh) | 2016-07-13 |
| EP3087475A1 (fr) | 2016-11-02 |
| WO2015100327A1 (fr) | 2015-07-02 |
| US10311233B2 (en) | 2019-06-04 |
| US20160292417A1 (en) | 2016-10-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3080725A4 (fr) | Synchronisation d'application | |
| EP3063602A4 (fr) | Entrées d'écran tactile assistées par le regard | |
| EP3053119A4 (fr) | Application électronique | |
| EP3025678A4 (fr) | Instrument d'insertion de lentille intraoculaire | |
| EP3011415A4 (fr) | Saisie manuscrite électronique | |
| EP3036004A4 (fr) | Complexe dendrimère-resvératrol | |
| EP3082710A4 (fr) | Émulsion glycérol dans l'huile | |
| EP3087475A4 (fr) | Décompactage générique de binaires de programme | |
| EP3083580A4 (fr) | Procédé de préparation de succinate de trélagliptine | |
| EP3049079A4 (fr) | Formes solides de ceftolozane | |
| EP3283946A4 (fr) | Approche à base de bioséquence permettant d'analyser des binaires | |
| EP2997462A4 (fr) | Optimisation dynamique de logiciel s'exécutant en pipeline | |
| EP3065774A4 (fr) | Anticorps anti-ccl17 | |
| EP3030585A4 (fr) | Amidon modifié | |
| EP3016935A4 (fr) | Procédé pour la préparation d'intermédiaire de dolutégravir | |
| EP3075375A4 (fr) | Préparation externe pour la peau | |
| EP3024440A4 (fr) | Formulation de métaxalone | |
| EP2786402B8 (fr) | Procédé de fabrication mécanosynthétique | |
| GB201217916D0 (en) | Publishing of an application program interface | |
| EP3043646A4 (fr) | Procédés de production de 2-halonicotinonitriles | |
| EP3071575A4 (fr) | Préparation de normorphinanes | |
| AU2013902520A0 (en) | Analysis of movements | |
| AU2013903472A0 (en) | AAC shield | |
| AU2013903423A0 (en) | Regulatory molecules | |
| AU2013902711A0 (en) | Compounds and methods of their use - IV |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| 17P | Request for examination filed |
Effective date: 20160520 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| AX | Request for extension of the european patent |
Extension state: BA ME |
|
| DAX | Request for extension of the european patent (deleted) | ||
| A4 | Supplementary search report drawn up and despatched |
Effective date: 20170619 |
|
| RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 9/44 20060101AFI20170612BHEP Ipc: G06F 21/56 20130101ALI20170612BHEP |
|
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: MCAFEE, LLC |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
| 18W | Application withdrawn |
Effective date: 20181107 |